1. What We Collect
Neurofort collects the minimum data required to provide its services:
- Account data: Email address, name, and password hash (PBKDF2). If you sign in via Discord, we receive your Discord user ID, username, and avatar.
- Community data: Discord server (guild) ID, stored memories, AI council session transcripts, and agent configurations.
- Usage data: API call counts for billing and rate limiting. We log IP addresses temporarily for security.
- BYOK API keys: Your LLM provider API keys are encrypted with AES-256-GCM and only decrypted in-memory during API calls. We never log or store them in plaintext.
2. How We Use Your Data
- To provide and improve Neurofort's memory search, AI council, and community management features.
- To process billing via Stripe (we do not store credit card numbers).
- To prevent abuse via rate limiting and audit logging.
3. Data Isolation
Each community's data is strictly isolated. Memories, agents, and settings from one community are never accessible to another.
All queries are scoped by organization ID. There is zero cross-community data leakage by design.
4. Data Storage
Data is stored on Cloudflare's global edge network using D1 (SQLite), R2 (object storage), and Vectorize (embeddings).
All data is encrypted in transit (TLS) and at rest (Cloudflare's infrastructure encryption).
API keys are additionally encrypted with AES-256-GCM using per-community derived keys.
5. Third-Party Services
- Cloudflare: Infrastructure, hosting, and edge computing.
- Stripe: Payment processing for paid tiers.
- Discord: Bot integration and OAuth2 authentication.
- LLM Providers (BYOK): Your API keys are passed to the providers you choose through Cloudflare AI Gateway. Production traffic uses zero-retention privacy controls for prompts and responses.
6. Data Deletion
You can delete your community and all associated data from the Settings page.
Account deletion removes all personal data. We retain audit logs for 90 days for security purposes.
7. Discord Bot Permissions
The Neurofort bot requests only the permissions it needs:
- View Channels - to read channels where it operates
- Send Messages - to respond to commands
- Embed Links - to format responses
- Read Message History - for memory recall context
- Create Public Threads - for AI council sessions
The bot does not read or store messages unless explicitly triggered via slash commands (/remember, /recall, /council, /skills, /code).